wireshark_name_resolution

Wireshark Name Resolution tutorial Tutorial

By /

Introduction

In this post, You will learn what is Name resolution in Wireshark and I have made a series of Wireshark tutorials below are the links, do check it out.

There is a Video format of the post, Check that also.

  1. Wireshark Lesson 1 [Click here]
  2. Wireshark Lesson 2 [Click here]
  3. Wireshark Lesson 3 [Click here]
  4. Wireshark Lesson 4 [Click here]
  5. Wireshark Lesson 5 [Click here]

Video

What is Name resolution in Wireshark

Name resolution tries to convert some of the numerical address values into a human-readable format.

In the below section we will be seeing how to configure the Name resolution and If you have any doubt comment down below or watch the youtube video.

Advertisement

Resolving MAC address

You can find the Name resolution edit > preference > Name resolution

Resolve MAC address

To resolve the mac address just click the box and resolving the mac address is noting but you are changing the numerical address to MAC address.

Before resolving MAC address

After Resolving the MAC address

Resolving transport name

When you resolve the transport names you can see all the transport ports are showing the service it is using.

Before resolving transport name

After resolving the transport name

Resolve Network IP address

When you resolve the network IP address you can find the IPv6 address and sometimes you may see the domain names also.

As soon as you made the change you can see in the above pic the source and destination are having domain names instead of IP’s and sometimes you may be seeing the IPV6 address too.

Advertisement

We are changing the IP’s for an easy user interface.

Finding all the resolved IP’s

To find all the resolved IP’s just go to statistics > resolved address

If you go to the hosts we can find all the domains and their addresses. If I have loaded a different file then I will be seeing different domains.

Manually configure host name

You may notice for some of the IP’s there is no hostname because the Wireshark cannot recognise the IP’s but if you know what host IP it is!!! then you can manually configure the hostnames.

I have clicked on the first packet source IP and If I do a right-click we can see the edit resolve name just click on that and keep a hostname for it and this how-to manually add hostnames.

Conclusion

In this post, We have seen how to configure the Name resolution and I hope this blog post will be helpful for you.

See you in the next chapter.

Advertisement

Related Posts

Ads Blocker Image Powered by Code Help Pro

Ads Blocker Detected!!!

We have detected that you are using extensions or brave browser to block ads. Please support us by disabling these ads blocker.Our website is made possible by displaying Ads hope you whitelist our site. We use very minimal Ads in our site

 

Scroll to Top